From 2adbe1e63bc313d03e8e84e652cc623af8ebb163 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Wed, 15 Mar 2017 07:07:39 +0000 Subject: [PATCH 01/12] upstream commit disallow KEXINIT before NEWKEYS; ok djm; report by vegard.nossum at oracle.com Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 --- kex.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kex.c b/kex.c index 8ac00299c..cf4ac0dc5 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.130 2017/03/10 04:07:20 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -341,7 +341,6 @@ kex_reset_dispatch(struct ssh *ssh) { ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN, SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error); - ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); } static int @@ -431,6 +430,7 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt) debug("SSH2_MSG_NEWKEYS received"); ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); if ((r = sshpkt_get_end(ssh)) != 0) return r; if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) @@ -545,6 +545,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp) goto out; kex->done = 0; kex_reset_dispatch(ssh); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); r = 0; *kexp = kex; out: From 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 20 Mar 2017 09:58:34 +1100 Subject: [PATCH 02/12] create test mux socket in /tmp Creating the socket in $OBJ could blow past the (quite limited) path limit for Unix domain sockets. As a bandaid for bz#2660, reported by Colin Watson; ok dtucker@ --- regress/forwarding.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/regress/forwarding.sh b/regress/forwarding.sh index 60c37d896..45c596d7d 100644 
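Review bot: In kex.c `kex_input_newkeys()`, the KEXINIT handler is re-armed before `sshpkt_get_end()` has validated the NEWKEYS packet and before `ssh_set_newkeys(ssh, MODE_IN)` has succeeded, so on either early `return r` the dispatch table already accepts KEXINIT again. That is harmless only if every caller treats those errors as fatal for the connection, which is not visible from this hunk. Moving `ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);` to after the `ssh_set_newkeys()` check would keep the handler disabled until the new inbound keys are actually in place. The function body continues outside the hunk.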
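Review bot: The rule this commit enforces in kex.c, that KEXINIT is accepted for the initial exchange and then only again once NEWKEYS has been received, is now split between `kex_new()` and `kex_input_newkeys()` with no comment, while `kex_reset_dispatch()` has silently stopped arming the handler. A later caller of `kex_reset_dispatch()` could reasonably assume it still restores KEXINIT handling. I would add above the new line in `kex_new()` a comment such as `/* accept the initial KEXINIT; afterwards it is re-armed only when NEWKEYS arrives */`, and a matching one-line note in `kex_reset_dispatch()`. `kex_new()` starts and ends outside the hunk.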
--- a/regress/forwarding.sh +++ b/regress/forwarding.sh @@ -10,7 +10,7 @@ start_sshd base=33 last=$PORT fwd="" -CTL=$OBJ/ctl-sock +CTL=/tmp/openssh.regress.ctl-sock.$$ for j in 0 1 2; do for i in 0 1 2; do From 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 20 Mar 2017 11:48:34 +1100 Subject: [PATCH 03/12] Yet another synonym for ASCII: "646" Used by NetBSD; this unbreaks mprintf() and friends there for the C locale (caught by dtucker@ and his menagerie of test systems). --- utf8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utf8.c b/utf8.c index f2c89a26b..d38902032 100644 --- a/utf8.c +++ b/utf8.c @@ -61,7 +61,7 @@ dangerous_locale(void) { loc = nl_langinfo(CODESET); return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 && - strcmp(loc, "ANSI_X3.4-1968") != 0; + strcmp(loc, "ANSI_X3.4-1968") != 0 strcmp(loc, "646") != 0; } static int From 89f04852db27643717c9c3a2b0dde97ae50099ee Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 20 Mar 2017 11:53:34 +1100 Subject: [PATCH 04/12] on Cygwin, check paths from server for backslashes Pointed out by Jann Horn of Google Project Zero --- sftp-client.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sftp-client.c b/sftp-client.c index d47be0ea5..a6e832270 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -67,6 +67,13 @@ extern int showprogress; /* Maximum depth to descend in directory trees */ #define MAX_DIR_DEPTH 64 +/* Directory separator characters */ +#ifdef HAVE_CYGWIN +# define SFTP_DIRECTORY_CHARS "/\\" +#else /* HAVE_CYGWIN */ +# define SFTP_DIRECTORY_CHARS "/" +#endif /* HAVE_CYGWIN */ + struct sftp_conn { int fd_in; int fd_out; 
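Review bot: `CTL=/tmp/openssh.regress.ctl-sock.$$` in regress/forwarding.sh is a predictable name in a world-writable directory, so on a shared build host another local user can create that path first and make the mux tests fail. A private directory keeps the path short and removes the guessable name: `CTLDIR=$(mktemp -d /tmp/openssh.regress.XXXXXXXX) || exit 1` followed by `CTL=$CTLDIR/ctl-sock`. Nothing in the hunk removes the socket afterwards; if the rest of the script does not either, it should delete the directory when the test finishes.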
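Review bot: The new return expression in utf8.c `dangerous_locale()` does not compile: `strcmp(loc, "ANSI_X3.4-1968") != 0 strcmp(loc, "646") != 0;` is missing the `&&` between the two comparisons. The line should read `strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0;`. PATCH 05/12 later in this series makes exactly that correction, so folding it into this commit would keep every commit in the series buildable for bisection.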
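Review bot: The comment `/* Directory separator characters */` on `SFTP_DIRECTORY_CHARS` in sftp-client.c does not say what the macro is for, and it reads like something usable for building paths. Since the series uses it as a reject list for names received from the server, I would write `/* Characters that act as directory separators locally; server-supplied file names containing any of them are rejected */`. That also tells the next porter that a platform with further separator characters must extend this list.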
@@ -619,7 +626,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, * These can be used to attack recursive ops * (e.g. send '../../../../etc/passwd') */ - if (strchr(filename, '/') != NULL) { + if (strpbrk(filename, SFTP_DIRECTORY_CHARS) != NULL) { error("Server sent suspect path \"%s\" " "during readdir of \"%s\"", filename, path); } else if (dir) { From db84e52fe9cfad57f22e7e23c5fbf00092385129 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 20 Mar 2017 12:07:20 +1100 Subject: [PATCH 05/12] I'm a doofus. Unbreak obvious syntax error. --- utf8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utf8.c b/utf8.c index d38902032..dead79b8a 100644 --- a/utf8.c +++ b/utf8.c @@ -61,7 +61,7 @@ dangerous_locale(void) { loc = nl_langinfo(CODESET); return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 && - strcmp(loc, "ANSI_X3.4-1968") != 0 strcmp(loc, "646") != 0; + strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0; } static int From 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 20 Mar 2017 01:18:59 +0000 Subject: [PATCH 06/12] upstream commit openssh-7.5 Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 --- version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.h b/version.h index 269ebcdaf..c86e2097c 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.78 2016/12/19 04:55:51 djm Exp $ */ +/* $OpenBSD: version.h,v 1.79 2017/03/20 01:18:59 djm Exp $ */ -#define SSH_VERSION "OpenSSH_7.4" +#define SSH_VERSION "OpenSSH_7.5" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE From 72536316a219b7394996a74691a5d4ec197480f7 Mon Sep 17 00:00:00 2001 
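Review bot: Only the readdir check in `do_lsreaddir()` is switched to `strpbrk(filename, SFTP_DIRECTORY_CHARS)`; any other place in sftp-client.c or its callers that tests a server-supplied name against a literal `'/'` is outside this hunk and would still miss `\` on Cygwin, so it is worth a search before merging. The comment above the check still gives only the `'../../../../etc/passwd'` example; adding a backslash variant for Cygwin there would record why the macro exists. `do_lsreaddir()` starts and ends outside the hunk.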
From: Damien Miller Date: Mon, 20 Mar 2017 12:23:04 +1100 Subject: [PATCH 07/12] crank version numbers --- README | 2 +- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index 60594eeb9..bda852548 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes. +See https://www.openssh.com/releasenotes.html#7.5p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 666097c5e..7de45457a 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 7.4p1 +%define ver 7.5p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 4c4bbb69c..e62be39d0 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 7.4p1 +Version: 7.5p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz From d38f05dbdd291212bc95ea80648b72b7177e9f4e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 20 Mar 2017 13:38:27 +1100 Subject: [PATCH 08/12] Add llabs() implementation. --- configure.ac | 1 + openbsd-compat/bsd-misc.c | 8 ++++++++ openbsd-compat/bsd-misc.h | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/configure.ac b/configure.ac index f5c1bea02..c2878e3d4 100644 --- a/configure.ac +++ b/configure.ac @@ -1717,6 +1717,7 @@ AC_CHECK_FUNCS([ \ inet_ntoa \ inet_ntop \ innetgr \ + llabs \ login_getcapbool \ md5_crypt \ memmove \ diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 6f3bc8f1d..cfd73260a 100644 --- a/openbsd-compat/bsd-misc.c 
+++ b/openbsd-compat/bsd-misc.c @@ -301,3 +301,11 @@ mbtowc(wchar_t *pwc, const char *s, size_t n) return 1; } #endif + +#ifndef HAVE_LLABS +long long +llabs(long long j) +{ + return (j < 0 ? -j : j); +} +#endif diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 6f08b09fa..70a538f04 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -135,4 +135,8 @@ void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); void warn(const char *, ...) __attribute__((format(printf, 1, 2))); #endif +#ifndef HAVE_LLABS +long long llabs(long long); +#endif + #endif /* _BSD_MISC_H */ From 6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 21 Mar 2017 08:47:55 +1100 Subject: [PATCH 09/12] Fix syntax error on Linux/X32 Patch from Mike Frysinger --- sandbox-seccomp-filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 3a1aedce7..a8d472a63 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -235,7 +235,7 @@ static const struct sock_filter preauth_insns[] = { * x86-64 syscall under some circumstances, e.g. * https://bugs.debian.org/849923 */ - SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT); + SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT), #endif /* Default deny */ From 096fb65084593f9f3c1fc91b6d9052759a272a00 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 20 Mar 2017 22:08:06 +0000 Subject: [PATCH 10/12] upstream commit remove /usr/bin/time calls around tests, makes diffing test runs harder. Based on patch from Mike Frysinger Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c --- regress/keytype.sh | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/regress/keytype.sh b/regress/keytype.sh index 8f697788f..88b022de4 100644 --- a/regress/keytype.sh +++ b/regress/keytype.sh 
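Review bot: In the fallback `llabs()` added to openbsd-compat/bsd-misc.c, `-j` overflows when `j` is `LLONG_MIN`, which is undefined behaviour for signed arithmetic. The standard `llabs()` leaves that case undefined as well, so the replacement is conformant, but callers that pass values derived from untrusted input get no hint of it. I would add a comment above the function such as `/* NB. result is undefined for LLONG_MIN, as with the standard llabs() */`.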
@@ -1,13 +1,8 @@ -# $OpenBSD: keytype.sh,v 1.4 2015/07/10 06:23:25 markus Exp $ +# $OpenBSD: keytype.sh,v 1.5 2017/03/20 22:08:06 djm Exp $ # Placed in the Public Domain. tid="login with different key types" -TIME=`which time 2>/dev/null` -if test ! -x "$TIME"; then - TIME="" -fi - cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak @@ -26,8 +21,8 @@ for kt in $ktypes; do rm -f $OBJ/key.$kt bits=`echo ${kt} | awk -F- '{print $2}'` type=`echo ${kt} | awk -F- '{print $1}'` - printf "keygen $type, $bits bits:\t" - ${TIME} ${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\ + verbose "keygen $type, $bits bits" + ${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\ fail "ssh-keygen for type $type, $bits bits failed" done @@ -63,8 +58,8 @@ for ut in $ktypes; do ) > $OBJ/known_hosts cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER for i in $tries; do - printf "userkey $ut, hostkey ${ht}:\t" - ${TIME} ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true + verbose "userkey $ut, hostkey ${ht}" + ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true if [ $? -ne 0 ]; then fail "ssh userkey $ut, hostkey $ht failed" fi From 58b8cfa2a062b72139d7229ae8de567f55776f24 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 22 Mar 2017 12:43:02 +1100 Subject: [PATCH 11/12] Missing header on Linux/s390 Patch from Jakub Jelen --- sandbox-seccomp-filter.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index a8d472a63..2831e9d10 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -50,6 +50,9 @@ #include #include +#ifdef __s390__ +#include +#endif #include #include From 7af27bf538cbc493d609753f9a6d43168d438f1b Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 24 Mar 2017 09:44:56 +1100 Subject: [PATCH 12/12] Enable ldns when using ldns-config. Actually enable ldns when attempting to use ldns-config. bz#2697, patch from fredrik at fornwall.net. --- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index c2878e3d4..82b28ce9a 100644 --- a/configure.ac +++ b/configure.ac @@ -1486,6 +1486,7 @@ AC_ARG_WITH(ldns, else LIBS="$LIBS `$LDNSCONFIG --libs`" CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" + ldns=yes fi elif test "x$withval" != "xno" ; then CPPFLAGS="$CPPFLAGS -I${withval}/include"